
Bigzizzzle
Premium Member
join:2005-01-27
Beverly Hills, CA

Bigzizzzle

Premium Member

[Info] Enterprise IP Addressing Scheme

I work for a company that utilizes public IP (Non RFC 1918 address ranges) for internal networking.

Why would they design the network around that?

Is there justification for this address space abuse?

Printers, workstations, etc. all using public routable address spaces owned by the company.

Has anyone ever seen this?

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

Abuse? As in, why is your home address public? Or why can someone find out who you are by your license plate?

There is no reason to use 1918 unless you do not have any IPs to use, or think of it as building a sand castle and not a real one, since you'd need a real property for that...

Most companies use their real routable IP addressing.
Bink
Villains... knock off all that evil
join:2006-05-14
Colorado

Bink to Bigzizzzle

Member

to Bigzizzzle
This is commonplace in large companies--if you have the IPs, use them. That said, hoarding unrouted IPv4 addresses is popular nowadays.
cramer
Premium Member
join:2007-04-10
Raleigh, NC
Westell 6100
Cisco PIX 501

cramer to Bigzizzzle

Premium Member

to Bigzizzzle
I would call it "lame excuse" more than "justification" -- the most common reason claimed is "ease of network interconnects" (i.e. inter-company VPNs) (see also: "lame excuse") Yes, there are lots of companies doing this. (USPS for one.) If you wanted to bitch about such misuses, you missed the boat over a decade ago. At this point, It. Does. Not. Matter. We're out of IPv4 address space; getting back the handful of (legacy) prefixes being used in this manner won't change that.
aryoba
MVM
join:2002-08-22

aryoba to Bigzizzzle

MVM

to Bigzizzzle
There are some valid reasons for using non-RFC-1918 IP version 4 addresses for internal networking. The following are some of those reasons.

* The internal network has become so huge that you cannot use RFC-1918 IP addresses for everything. In this case, you can only use RFC-1918 IP addresses for point-to-point networks, while hosts (such as routers' Loopback interfaces, servers, printers, PCs) have to use non-RFC-1918 IP addresses.

* There are overlapping IP schemes within the internal network when you try to use RFC-1918 IP addresses for everything. This case usually applies when two companies are merging or one company acquires other companies, so that the IP scheme overhaul usually results in using non-RFC-1918 IP addresses for hosts.
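
The merger overlap case from the post above, as an added example that is not part of the original thread: it checks two address plans for colliding prefixes and separates RFC 1918 space from everything else. The two plans and all function names are constructed for illustration; 198.51.100.0/24 is a documentation range standing in for company-owned public space.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress's is_private is broader than this
# (loopback, link-local, documentation ranges), so test membership explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plans for two merging companies.
COMPANY_A = ["10.0.0.0/16", "10.20.0.0/16", "172.16.0.0/20",
             "192.168.1.0/24", "198.51.100.0/24"]
COMPANY_B = ["10.0.128.0/17", "10.30.0.0/16", "172.16.8.0/21",
             "192.168.2.0/24"]


def is_rfc1918(net):
    """True if the whole prefix sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def classify(plan):
    """Split a plan into (rfc1918_prefixes, other_prefixes)."""
    nets = [ipaddress.ip_network(p) for p in plan]
    private = [str(n) for n in nets if is_rfc1918(n)]
    other = [str(n) for n in nets if not is_rfc1918(n)]
    return private, other


def find_overlaps(plan_a, plan_b):
    """Return (a, b) prefix pairs that cannot coexist in one routing domain."""
    a = [ipaddress.ip_network(p) for p in plan_a]
    b = [ipaddress.ip_network(p) for p in plan_b]
    return [(str(x), str(y)) for x in a for y in b if x.overlaps(y)]


if __name__ == "__main__":
    for pair in find_overlaps(COMPANY_A, COMPANY_B):
        print("renumber or NAT needed:", pair)
    print("non-RFC 1918 prefixes in A:", classify(COMPANY_A)[1])
```

Every pair reported by `find_overlaps` has to be renumbered or hidden behind NAT before the two networks are joined, while prefixes in the second list from `classify` are unique by allocation and never collide.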

Da Geek Kid
join:2003-10-11
::1

1 recommendation

Da Geek Kid to Bigzizzzle

Member

to Bigzizzzle
And to add to this... IPv6 would have no shortage for quite a while, so no one would be using private addressing/NAT.
tunerX
join:2012-02-20

tunerX

Member

NAT has an inherent security feature that eliminates visibility into a local network's addressing schema.

RyanG1
Premium Member
join:2002-02-10
San Antonio, TX

RyanG1

Premium Member

So do access-lists.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

lol, so does ip route x.x.x.x x.x.x.x null0

bitbucket!

Bigzizzzle
Premium Member
join:2005-01-27
Beverly Hills, CA

Bigzizzzle to RyanG1

Premium Member

to RyanG1
Thanks for the feedback. It just rubbed me different when I saw this.

Keep pushing those packets.
mdpeterman
join:2010-10-10
Pflugerville, TX

mdpeterman

Member

The company I work for uses publicly routable IPs for almost everything. They also use 10.0.0.0/8 for select other equipment, but not much.

The university I went to used all public IPs too. If they have the addresses, they use them and most of their networks were established before NAT was popular.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Bigzizzzle

MVM

to Bigzizzzle
said by Bigzizzzle:

Why would they design the network around that?

Politics trumping Best Practices? Otherwise, they're just that sure of their security.

Otherwise, all the other comments so far are valid as well.
said by Bigzizzzle:

Has anyone ever seen this?

My old employer did this (IBM 9's network). My current employer does this as well. Whether I could hit my laptop's IP address from the Internet, well... never got the chance to test this theory.

Regards

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid

Member

You won't get a chance to do so from the network perspective, however, what makes this work on any network is the trojan installed on the CEO's PC that tells the thief about his US offshore accounts, passwords to his VIP Pr0n store, etc...

All those have nothing to do with NAT/PAT...

Wily_One
Premium Member
join:2002-11-24
San Jose, CA

Wily_One to HELLFIRE

Premium Member

to HELLFIRE
I'd imagine most of the big companies that do this, do it because of legacy reasons. (e.g. "because we've always done it like this")

But that said, now that the pool of available IPv4 address space has been exhausted, the RIRs like ARIN are cracking down on companies with existing allocations which are not, in fact, using them. So some companies will look at it as a use-it-or-lose-it proposition.

battleop
join:2005-09-28
00000

1 recommendation

battleop to Bigzizzzle

Member

to Bigzizzzle
ADP is one company that's known for pissing away public IPs like this.

Da Geek Kid
join:2003-10-11
::1

Da Geek Kid to Bigzizzzle

Member

to Bigzizzzle
lol

Ok. So in the early 80s you had a company and bought a /8 network and AS numbers to go with it...

So now, let's use RFC1918 because somehow we think NAT is our security?